Security
Headlines
HeadlinesLatestCVEs

Tag

#buffer_overflow

CVE-2021-21944: TALOS-2021-1374 || Cisco Talos Intelligence Group

Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities.This heap-based buffer oveflow takes place trying to copy the first 12 bits from local variable.

CVE
Open in Source
#vulnerability#microsoft#cisco#intel#pdf#buffer_overflow#sap
CVE-2021-21946: TALOS-2021-1375 || Cisco Talos Intelligence Group

Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities.This heap-based buffer overflow takes place when the `SOF3` precision is lower than 9.

CVE-2022-27008: SEGV njs_array.c:335:41 in njs_array_add · Issue #471 · nginx/njs

nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array.

CVE-2022-27418: Heap-buffer-overflow in tcpreplay · Issue #703 · appneta/tcpreplay

Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c.

CVE-2022-27387: [MDEV-26422] ASAN: global-buffer-overflow in decimal_bin_size on SELECT

MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.

CVE-2022-20066: May 2022

In atf (hwfde), there is a possible leak of sensitive information due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171729; Issue ID: ALPS06171729.

CVE-2022-24793: Merge pull request from GHSA-p6g5-v97c-w5q4 · pjsip/pjproject@9fae8f4

PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that uses PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead.

CVE-2022-1253: Heap-based Buffer Overflow in libde265

Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release.

CVE-2022-1238: Fix another oobread segfault in the NE bin parser ##crash · radareorg/radare2@c40a4f9

Heap-based Buffer Overflow in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).

CVE-2022-0800: Stable Channel Update for Desktop

Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.